Firstly, if a row contains javascript code, after inline editing this
row and saving, the code is executed. Secondly, missing sanitization
on the db, table and column names leads to XSS vulnerabilities.

When the js_frame parameter of phpmyadmin.css.php is defined as an
array, an error message shows the full path of this file, leading to
possible further attacks (CVE-2011-3646).

Crafted values entered in the setup interface can produce XSS; also,
if the config directory exists and is writeable, the XSS payload can
be saved to this directory (CVE-2011-4064).

This upgrade provides the latest phpmyadmin version (3.4.6) to address
these vulnerabilities.
_______________________________________________________________________